Vulnerabilities I found:

IBM DB2

Two DoS vulnerabilities in IBM DB2 9.5 (CVE-2009-0172, CVE-2009-0173):

IZ36534: SECURITY: MALICIOUS CONNECT DATA STREAM CAN CAUSE DENIAL OF SERV ICE.

IZ39373: SECURITY: MALICOUS DATA STREAM CAN CAUSE THE DB2 SERVER TO TRAP.

my blog post about it

Oracle RDBMS

CVE-2009-0991 in CPUapr2009 (CVSS 5.0):

Oracle Critical Patch Update Advisory - April 2009

my blog post about CVE-2009-0991 Listener vulnerability

Four vulnerabilities patched in CPUjul2009:

Oracle Critical Patch Update Advisory - July 2009

CVE-2009-1970 (CVSS 5.0): my blog post about CVE-2009-1970

CVE-2009-1963 (CVSS 7.5): my blog post about CVE-2009-1963

CVE-2009-1019 (CVSS 7.5): my blog post about CVE-2009-1019

CVE-2009-1020 (CVSS 9.0): my blog post about CVE-2009-1020

CVE-2009-1979 in CPUoct2009 (CVSS 10.0)

Oracle Critical Patch Update Advisory - October 2009

my blog post about CVE-2009-1979

CVE-2010-0071 in CPUjan2010 (CVSS 10.0)

Oracle Critical Patch Update Advisory - January 2010 (also listed among security-in-depth contributors)

my blog post about CVE-2010-0071

CVE-2010-0911 in CPUjul2010 (CVSS 7.8):

Oracle Critical Patch Update Advisory - July 2010

my blog post about CVE-2010-0911

Mentioned in CPUapr2011:

Oracle Critical Patch Update Advisory - April 2011

CVE-2011-2242 in CPUjul2011:

Oracle Critical Patch Update Advisory - July 2011

CVE-2012-0072 in CPUjan2012 (on behalf of McAfee Labs):

Oracle Critical Patch Update Advisory - January 2012

my blog post about CVE-2012-0072

CVE-2012-1745, CVE-2012-1746 and CVE-2012-1747 in CPUjul2012:

Oracle Critical Patch Update Advisory - July 2012

my blog post about three PoCs from CPUjul2012

DoS vulnerability in binkd FidoNet mailer:

2009/02/14 15:14:46 1.0a-525 gul
protocol.c,2.193,2.194
Bugfix: segfault on crafted input sequences,
possible remote DoS for multithread versions (win32 and OS/2).
Thanks to Dennis Yurichev.

CVS binkd history

→ [back to the main page]